Information Security


Security vulnerabilities in WebKit / Apple Safari / Google Chrome
updated since November 5, 2012
Published: September 9, 2013
Source:
SecurityVulns ID: 12695
Type: library
Severity: 6/10
Description: Race conditions, use after free.
Affected products: APPLE : Safari 6.0
 GOOGLE : Chrome 22.0
CVE: CVE-2012-5112 (Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.)
Original text: bugtraq_(at)_packetstormsecurity.org, [PSA-2013-0903-1] Apple Safari Heap Buffer Overflow (09.09.2013)
 APPLE, APPLE-SA-2012-11-01-2 Safari 6.0.2 (05.11.2012)

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since August 14, 2013
Published: September 9, 2013
Source:
SecurityVulns ID: 13250
Type: client
Severity: 8/10
Description: Protection bypass, cross-site scripting, memory corruptions.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 2012 Server
CVE: CVE-2013-3199 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2013-3194 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2013-3193 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3187 and CVE-2013-3191.)
 CVE-2013-3192 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability.")
 CVE-2013-3191 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3187 and CVE-2013-3193.)
 CVE-2013-3190 (Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2013-3189 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3188.)
 CVE-2013-3188 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3189.)
 CVE-2013-3187 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3191 and CVE-2013-3193.)
 CVE-2013-3186 (The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level (aka IL) protection mechanism, which allows remote attackers to obtain medium-integrity privileges by leveraging access to a low-integrity process, aka "Process Integrity Level Assignment Vulnerability.")
 CVE-2013-3184 (Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "ReplaceAdjacentText" Use-after-free (MS13-059) (09.09.2013)
 VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer Protected Mode Sandbox Bypass (Pwn2Own 2013 / MS13-059) (09.09.2013)
Files: Microsoft Security Bulletin MS13-059 - Critical Cumulative Security Update for Internet Explorer (2862772)

Multiple security vulnerabilities in Microsoft Windows
updated since August 14, 2013
Published: September 9, 2013
Source:
SecurityVulns ID: 13251
Type: remote
Severity: 8/10
Description: Memory corruption in the handwriting input parsing system, privilege escalation via RPC, memory corruptions and protection bypass in the kernel, DoS via NAT and IPv6.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 2012 Server
CVE: CVE-2013-3198 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3196 and CVE-2013-3197.)
 CVE-2013-3197 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3196 and CVE-2013-3198.)
 CVE-2013-3196 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3197 and CVE-2013-3198.)
 CVE-2013-3183 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote attackers to cause a denial of service (system hang) via crafted packets, aka "ICMPv6 Vulnerability.")
 CVE-2013-3182 (The Windows NAT Driver (aka winnat) service in Microsoft Windows Server 2012 does not properly validate memory addresses during the processing of ICMP packets, which allows remote attackers to cause a denial of service (memory corruption and system hang) via crafted packets, aka "Windows NAT Denial of Service Vulnerability.")
 CVE-2013-3181 (usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability.")
 CVE-2013-3175 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka "Remote Procedure Call Vulnerability.")
 CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "ASLR Security Feature Bypass Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Windows "LdrHotPatchRoutine" Remote ASLR Bypass (Pwn2Own 2013 / MS13-063) (09.09.2013)
Files: Microsoft Security Bulletin MS13-060 - Critical Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2850869)
 Microsoft Security Bulletin MS13-062 - Important Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege (2849470)
 Microsoft Security Bulletin MS13-063 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2859537)
 Microsoft Security Bulletin MS13-064 - Important Vulnerability in Windows NAT Driver Could Allow Denial of Service (2849568)
 Microsoft Security Bulletin MS13-065 - Important Vulnerability in ICMPv6 could allow Denial of Service (2868623)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: September 9, 2013
Source:
SecurityVulns ID: 13263
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: CACTI : cacti 0.8
 COTONI : Cotonti 0.9
 APACHE : Struts 2.3
 SILVERSTRIPE : SilverStripe CMS 3.0
 PHPMYADMIN : phpmyadmin 3.5
 MCIMAGEMANAGER : Moxiecode Image Manager 3.1
 ALMACOR : aCMS 1.0
 OTRS : otrs 3.2
 JOOMLA : Joomla 3.1
 SOLTECH : Soltech.CMS 0.4
 GDD : GDD FLVPlayer 3.635
 AVAYA : Avaya IP Office Customer Call Reporter 8.0
 AVAYA : Avaya IP Office Customer Call Reporter 9.0
 VOLTEDIT : VoltEdit 26.0
 GROUPLINK : GroupLink everything HelpDesk 10.0
 INDIANIC : Testimonial 2.2
 CAPASYSTEMS : Performance Guard 6.2
 LCMS : lcms 1.19
 DJANGO : django 1.5
 JOOMLA : VirtueMart 2.0
 DEWES : DeWeS 0.4
 STRATA : Twilight CMS 5.17
 WORDPRESS : BackWPup 3.0
 XYMON : Xymon 4.2
 CAKEPHP : CakePHP 2.3
 JOOMLA : redSHOP 1.2
 PHPFOX : PHPFox 3.6
 TRUSTPORT : Trustport Webfilter 5.5
 APACHE : CloudStack 4.1
 BIGTREE : BigTree CMS 2.0
 SOCIALENGINE : SocialEngine 4.5
 WORDPRESS : Usernoise 3.7
 JOOMLA : JSE Event 1.0
 JOOMLA : Sectionix 2.5
 OWNCLOUD : owncloud 5.0
 VTIGER : vTiger CMS 5.4
 JAHIA : Jahia xCM 6.6
 MOJOPORTAL : MojoPortal 2.3
 WORDPRESS : Better WP Security 3.5
CVE: CVE-2013-5589 (SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2013-5588 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.)
 CVE-2013-5216 (Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors.)
 CVE-2013-5003 (Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.)
 CVE-2013-5002 (Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.)
 CVE-2013-5000 (phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.)
 CVE-2013-4998 (phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.)
 CVE-2013-4996 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.)
 CVE-2013-4995 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.)
 CVE-2013-4900 (Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.)
 CVE-2013-4899 (Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page.)
 CVE-2013-4898 (Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.)
 CVE-2013-4880 (Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.)
 CVE-2013-4879 (SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.)
 CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.)
 CVE-2013-4717
 CVE-2013-4626 (Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php.)
 CVE-2013-4624 (Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.)
 CVE-2013-4276 (Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to the tiffdiff utility.)
 CVE-2013-4249 (Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.)
 CVE-2013-4173 (Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.)
 CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.)
 CVE-2013-4152 (The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.)
 CVE-2013-3215
 CVE-2013-3214
 CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.)
 CVE-2013-3212
 CVE-2013-2653 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim.)
 CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.)
 CVE-2013-2248 (Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.)
 CVE-2013-2136 (Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.)
 CVE-2013-1435 ((1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.)
 CVE-2013-1434 (Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors.)
Original text: NCC Group Research, NGS00500 Technical Advisory: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE (09.09.2013)
 MANDRIVA, [ MDVSA-2013:203 ] phpmyadmin (09.09.2013)
 vulns_(at)_dionach.com, MojoPortal XSS (09.09.2013)
 High-Tech Bridge Security Research, Multiple XSS Vulnerabilities in Jahia xCM (09.09.2013)
 High-Tech Bridge Security Research, SQL Injection in Cotonti (09.09.2013)
 Egidio Romano, [KIS-2013-08] vtiger CRM <= 5.4.0 (SOAP Services) Authentication Bypass Vulnerability (09.09.2013)
 Egidio Romano, [KIS-2013-07] vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability (09.09.2013)
 Egidio Romano, [KIS-2013-06] vtiger CRM <= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities (09.09.2013)
 Egidio Romano, [KIS-2013-05] vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities (09.09.2013)
 Rustein, Fara Denise (LATCO - Buenos Aires), SilverStripe(R) Information Exposure Through Query Strings in GET Request (CWE-598) (09.09.2013)
 Emilio Pinna, Joomla core <= 3.1.5 reflected XSS vulnerability (09.09.2013)
 MANDRIVA, [ MDVSA-2013:206 ] owncloud (09.09.2013)
 matias.fontanini_(at)_gmail.com, Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities (09.09.2013)
 samelat_(at)_gmail.com, Joomseller "Events Booking Pro" and "JSE Event" reflected XSS (09.09.2013)
 roguecoder_(at)_hush.com, Usernoise 3.7.8 WP plugin cross-site scripting vulnerability (09.09.2013)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in BigTree CMS (09.09.2013)
 APACHE, Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity (09.09.2013)
 Oliver Karow, Trustport Webfilter Remote File Access Vulnerability (09.09.2013)
 matias.fontanini_(at)_gmail.com, PHPFox v3.6.0 (build3) Multiple SQL Injection vulnerabilities (09.09.2013)
 matias.fontanini_(at)_gmail.com, Joomla! redSHOP component v1.2 SQL Injection (09.09.2013)
 roguecoder_(at)_hush.com, [RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities (09.09.2013)
 vuln-report_(at)_secur3.us, ReviewBoard Vulnerabilities (09.09.2013)
 mbsdtest01_(at)_gmail.com, Struts2 Prefixed Parameters OGNL Injection Vulnerability (09.09.2013)
 mbsdtest01_(at)_gmail.com, Struts2 Prefixed Parameters Open Redirect Vulnerability (09.09.2013)
 mbsdtest01_(at)_gmail.com, CakePHP AssetDispatcher Local File Inclusion Vulnerability (09.09.2013)
 MANDRIVA, [ MDVSA-2013:212 ] otrs (09.09.2013)
 MANDRIVA, [ MDVSA-2013:213 ] xymon (09.09.2013)
 High-Tech Bridge Security Research, Path Traversal in DeWeS Web Server (Twilight CMS) (09.09.2013)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Twilight CMS (09.09.2013)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in BackWPup WordPress Plugin (09.09.2013)
 PIVOTAL, CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework (09.09.2013)
 matias.fontanini_(at)_gmail.com, Joomla! VirtueMart component <= 2.0.22a - SQL Injection (09.09.2013)
 iedb.team_(at)_gmail.com, Wordpress videowhisper-live-streaming-integration Plugin Xss vulnerabilities (09.09.2013)
 DEBIAN, [SECURITY] [DSA 2740-1] python-django security update (09.09.2013)
 iedb.team_(at)_gmail.com, Wordpress post-gallery Plugin Xss vulnerabilities (09.09.2013)
 MANDRIVA, [ MDVSA-2013:220 ] lcms (09.09.2013)
 danielthomson72_(at)_gmail.com, Drupal Node View Permissions module and Flag module Vulnerabilities (09.09.2013)
 kerem.kocaer_(at)_gmail.com, CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability (09.09.2013)
 DEBIAN, [SECURITY] [DSA 2747-1] cacti security update (09.09.2013)
 roguecoder_(at)_hush.com, IndiaNIC Testimonail WP plugin - Multiple vulnerabilities (09.09.2013)
 SEC Consult Vulnerability Lab, SEC Consult SA-20130904-0 :: GroupLink everything HelpDesk - undocumented password reset/admin takeover and XSS vulnerabilities (09.09.2013)
 autumn love, Sql Injection in "2easy Web Applications" (09.09.2013)
 X-Cisadane, VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability (09.09.2013)
 X-Cisadane, VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability (09.09.2013)
 MustLive, XSS and FPD vulnerabilities in WPtouch and WPtouch Pro for WordPress (09.09.2013)
 MustLive, XSS and CS vulnerabilities in aCMS (09.09.2013)
 MustLive, XSS and CS vulnerabilities in aCMS (09.09.2013)
 MustLive, SQL Injection vulnerability in Soltech.CMS (09.09.2013)
 MustLive, CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE (09.09.2013)
 MustLive, CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE (09.09.2013)
 MustLive, CS, XSS and FPD vulnerabilities in MCImageManager for TinyMCE (09.09.2013)
 MustLive, Vulnerabilities in Avaya IP Office Customer Call Reporter (09.09.2013)
 MustLive, Vulnerabilities in Avaya IP Office Customer Call Reporter (09.09.2013)
 MustLive, CS and XSS vulnerabilities in GDD FLVPlayer (09.09.2013)
 MustLive, Vulnerabilities in multiple web applications with GDD FLVPlayer (09.09.2013)
 MustLive, Vulnerabilities in multiple plugins for WordPress with GDD FLVPlayer (09.09.2013)
 MustLive, XSS and CS vulnerability in Soltech.CMS (09.09.2013)
 MustLive, XSS and CS vulnerability in Soltech.CMS (09.09.2013)
 MustLive, Insufficient Authorization vulnerability in Act (09.09.2013)

DoS against Apple AirPort
Published: September 9, 2013
Source:
SecurityVulns ID: 13264
Type: remote
Severity: 5/10
Description: Incorrect handling of packets with invalid length.
CVE: CVE-2013-5132 (Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame.)
Original text: APPLE, APPLE-SA-2013-09-06-1 AirPort Base Station Firmware Update 7.6.4 (09.09.2013)

Cross-site scripting in RoundCube
Published: September 9, 2013
Source:
SecurityVulns ID: 13266
Type: remote
Severity: 6/10
Description: Multiple cross-site scripting possibilities via the message body.
Affected products: ROUNDCUBE : Roundcube 0.9
CVE: CVE-2013-5645 (Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.)
Original text: MANDRIVA, [ MDVSA-2013:226 ] roundcubemail (09.09.2013)

Security vulnerabilities in libmodplug
Published: September 9, 2013
Source:
SecurityVulns ID: 13267
Type: library
Severity: 5/10
Description: Several code execution possibilities.
Affected products: LIBMODPLUG : libmodplug 0.8
CVE: CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.)
 CVE-2013-4233 (Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.)
Original text: DEBIAN, [SECURITY] [DSA 2751-1] libmodplug security update (09.09.2013)

Multiple security vulnerabilities in Cisco WebEx products
Published: September 9, 2013
Source:
SecurityVulns ID: 13268
Type: client
Severity: 6/10
Description: Memory corruptions, buffer overflows.
CVE: CVE-2013-1119 (Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DHT index value in JPEG data within a WRF file, aka Bug ID CSCuc24503.)
 CVE-2013-1118 (Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCuc27645.)
 CVE-2013-1117 (Buffer overflow in the exception handler in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCuc27639.)
 CVE-2013-1116 (Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted ARF file, aka Bug IDs CSCue74147 and CSCub28383.)
 CVE-2013-1115 (Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T27 L10N before SP32_ORION111, and T28 before T28.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ARF file, aka Bug IDs CSCue74118, CSCub28371, CSCud23401, and CSCud31109.)
Files: Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players

Buffer overflow in ImageMagick
Published: September 9, 2013
Source:
SecurityVulns ID: 13269
Type: library
Severity: 5/10
Description: Buffer overflow on GIF parsing.
Affected products: IMAGEMAGIC : imagemagic 6.7
CVE: CVE-2013-4298 (The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.)
Original text: DEBIAN, [SECURITY] [DSA 2750-1] imagemagick security update (09.09.2013)

Unauthorized access via libdigidoc
Published: September 9, 2013
Source:
SecurityVulns ID: 13270
Type: library
Severity: 5/10
Description: Arbitrary file overwrite is possible.
Affected products: LIBDIGIDOC : libdigidoc 3.6
CVE: CVE-2013-5648 (Absolute path traversal vulnerability in the handleStartDataFile function in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before 3.7.2 and other products, allows remote attackers to overwrite arbitrary files via a filename beginning with / (slash) or \ (backslash) in a DDOC file.)
Original text: MANDRIVA, [ MDVSA-2013:225 ] libdigidoc (09.09.2013)

Security vulnerabilities in RSA Archer GRC
Published: September 9, 2013
Source:
SecurityVulns ID: 13271
Type: remote
Severity: 5/10
Description: Incorrect login restriction, open redirect.
Affected products: EMC : RSA Archer GRC 5.4
CVE: CVE-2013-3277 (Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2013-3276 (EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account.)
Original text: EMC, ESA-2013-057: RSA Archer(r) GRC Multiple Vulnerabilities (09.09.2013)

Buffer overflow in Mikrotik RouterOS
Published: September 9, 2013
Source:
SecurityVulns ID: 13272
Type: remote
Severity: 7/10
Description: Buffer overflow in the ssh server.
Original text: HI-TECH ., Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption (09.09.2013)
Files: Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption

DoS against exactimage
Published: September 9, 2013
Source:
SecurityVulns ID: 13273
Type: local
Severity: 4/10
Description: Several DoS vulnerabilities in dcraw.
Affected products: EXACTIMAGE : exactimage 0.8
CVE: CVE-2013-1438 (Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.)
Original text: DEBIAN, [SECURITY] [DSA 2748-1] exactimage security update (09.09.2013)

Multiple security vulnerabilities in Zoom routers
Published:September 9, 2013
Source:
SecurityVulns ID:13274
Type:remote
Severity level:
5/10
Description:Directory traversal, authorization bypass, information leak.
Affected products:ZooM : Zoom X3
 ZooM : Zoom X4
 ZooM : Zoom X5
CVE:CVE-2013-5630 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions.)
 CVE-2013-5625 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions.)
 CVE-2013-5621 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions.)
Original text:kyle Lovett, Full Disclosure - Multiple vulnerabilities in five Zoom ADSL Modem/Routers (09.09.2013)

Multiple security vulnerabilities in the Linux kernel
updated since September 9, 2013
Published:October 28, 2013
Source:
SecurityVulns ID:13265
Type:local
Severity level:
6/10
Description:DoS conditions, privilege escalation, information leak.
Affected products:LINUX : kernel 2.6
 LINUX : kernel 3.2
 LINUX : kernel 3.5
 LINUX : kernel 3.8
CVE:CVE-2013-4300 (The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing.)
 CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.)
 CVE-2013-4205 (Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call.)
 CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.)
 CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.)
 CVE-2013-2899 (drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.)
 CVE-2013-2898 (drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device.)
 CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.)
 CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.)
 CVE-2013-2888 (Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.)
 CVE-2013-2851 (Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.)
 CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.)
 CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.)
 CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.)
 CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.)
 CVE-2013-2140 (The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.)
 CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.)
 CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.)
 CVE-2013-1060 (A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account.)
 CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.)
 CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages.)
 CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.)
 CVE-2012-5374 (The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.)
Original text:UBUNTU, [USN-1998-1] Linux kernel vulnerabilities (28.10.2013)
 Linux Kernel Patches For Linux Kernel Security, Linux Kernel Patches For Linux Kernel Security (01.10.2013)
 UBUNTU, [USN-1974-1] Linux kernel vulnerabilities (01.10.2013)
 UBUNTU, [USN-1968-1] Linux kernel vulnerabilities (01.10.2013)
 UBUNTU, [USN-1976-1] Linux kernel vulnerabilities (01.10.2013)
 UBUNTU, [USN-1939-1] Linux kernel vulnerabilities (09.09.2013)
 UBUNTU, [USN-1944-1] Linux kernel vulnerabilities (09.09.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod